Here’s What You Need to Secure Your WordPress Site in 2014 & Beyond

Internet security is the only topic on the web that I can predict will always be in the headlines as long as mankind and internet technologies exist. As we take exponential leaps and bounds in technological advancements, security is an issue that is always there to keep us busy. An increased number of our most valuable assets are gradually being transferred online in the form of private data, financial information and general web presences and the opportunities for exploitation by scammers and thieves increase. Our reliance on the web can potentially be our greatest downfall. Especially those of us who are not prepared.

As you search the web you’ll find a plethora of articles on how to secure your WordPress blog but you won’t find articles that point out the overall evolution of online threats and the fact that exploits and attack maneuvers are becoming tremendously complex and smarter and WordPress sites are at great risk. Keeping your WordPress installation up to date, tweaked and cleaned won’t cut it for total security.

Thankfully, for every problem there is at least one solution and as we begin to understand security trends and how exploitation becomes stronger overtime, there are always new solutions to back us up.

A Smarter, More Sophisticated Web Threat

My thought process is that if big budget companies like Target, Adobe, Sony and even the Department of Homeland Security can be hacked, what stops attackers from simply tearing my site to shreds? Then I find comfort in the fact that I’m not a target simply because I’m not that much in the spot light. However, the threat is real on many levels and complacency leads to disaster.

The average WP tweaks and security measures we can employ as webmasters such as hiding our installation directories, changing database prefixes, limiting login attempts, etc. can only do so much and no more. These tweaks will not protect against distributed denial-of-service (DDoS) attacks, spoofing, eavesdropping and zero day attacks that quickly exploit unknown vulnerabilities. These attacks are becoming more sophisticated and your typical web host is not equipped to prevent the advanced versions of these attacks. They can only pick up the pieces when the damage is already being inflicted and help you “rebuild your house.”

The New Breed of Web Hosting & Security Providers

To sum it up, you cannot rely on the few tweaks you can implement on your own for complete protection. It just doesn’t cover all layers within your network. To answer this call for better WordPress security there are a number of noteworthy web hosts and website security providers popping up bringing powerful new features to the game.

The Best Web Hosts for WordPress Security

The first thing you need for securing WordPress is a strong web host and not the basic providers that are on offer for $5 per month. Don’t get me wrong, I have nothing against them and their service performs well for running your website, but they do not have you covered in the worst case scenario.

I highly recommend managed WordPress hosting providers such as WP Engine and Web Synthesis who take the hosting game to a whole new level. A strong, proactive and responsive web host is absolutely the first step for securing your website or blog. Here’s what these guys offer that you won’t find with the average host:

1. Platform built solely for WordPress – You won’t be able to host any other type of website. This is for serious WP users. The great thing about this is that the focus is only on WordPress. Everything is invested in making your installations stronger, faster and more secure. Versus the typical web host whose resources are spread and even strained across hundreds of service types and customer profiles.

2. Powerful servers that eliminate the need to use caching plugins – I’ve recently moved a site to WP Engine and there’s a noted 80% decrease in load time. Standard web hosts will always be slower. There business models forces them to squeeze as many sites onto each server as they can. Resources are limited.

3. Proactive Firewall & Malware Prevention – You’d think that every web host does this but they usually only find threats when they’ve already taken root.

These hosting services start at US $27 per month with generous features. Sure that’s more expensive than average but your website is your investment. Give them a try and you won’t be disappointed. The increased speed is enough to make you fall in love.

Third Party Web Security Providers

Cloud based security providers are the future of web security. They eliminate the need for large and small companies to invest in network and application security infrastructure. Security and availability is their absolute focus. A cloud based security company like Fireblade is a powerful addition to your web security arsenal and will be your best bet for complete security for your website. They provide standard cloud features such as DDoS protection, widely distributed content delivery network, website acceleration and firewall a tier above a service like Cloudflare.

The most noteworthy feature Fireblade offers is their shift away from the predominant use of web application firewall signature based threat profiling, to an analysis of user / machine behavior on the web. They not only monitor IPs, and other network footprints but also track whether users are clicking on sites they visit or are automated traffic, the number of sites visited per day and other human like characteristics to determine whether the user is human or a bot. The data that is collected about each fingerprint is like a dossier which adds to their intelligence of threats and real-time behavior. This is unique to Fireblade and is an innovation that steps up to the challenge of a more intelligent web security threat.

The use of a powerful and innovative web host and a proficient cloud web security provider is the foundation of securing your WordPress blog. Implementing tweaks without the platform for support is like building a concrete house on wet sand. The foundation needs to be secure.

It may be time to evaluate your website’s security and start budgeting a little to secure your site’s availability and presence in an ever changing marketplace. Security is among the highest priorities on your list.

Robyn-Dale Samuda is a Web Developer & is owner of Yuraki, a Website Development, IT Consultation & Online Marketing Firm in Jamaica. He has a passion for the web and helping clients achieve more online.

Thanks for commenting and yes there are good lower tier hosts out there. Which are good starting points for new websites. However, as sites grow, popularity and traffic increases, one has to graduate from the lower tier hosts and bump up the security and speed.

What about small non profits and other non commercial sites? $27.00 a month is out of the question. You presume everyone makes good money from their sites, but I’d say half the web doesn’t make enough to justify paying that much.

A couple good lower range hosts are HostGator.com and BlueHost.com. These are pretty good as a starting point and I never had any major technical problems with them over the years. As mentioned in the article, they don’t have powerful prevention methods and are usually good at cleaning up after malicious damage is already done.